Description:
A vulnerability was reported in Trend Micro Anti-Spyware. A local user can obtain elevated privileges on the target system.

A local user can create a specially crafted pathname to trigger a buffer overflow in the SSAPI's Venus Spy Trap (VST) function and execute arbitrary code on the target system. The code will run with System level privileges.

A remote authenticated user can exploit this vulnerability if a file share is enabled.

PC-cillin Internet Security 2007 is also affected.

The vendor was notified on July 12, 2007.

Ismael Briones reported this vulnerability via iDefense.

Impact:
A local user can obtain System privileges on the target system.

Solution:
The vendor has issued a fix (hot fix - build 1028). Official patches will be available on September 10, 2007.